NahamConCTF - Tron

NahamConCTF - Tron

Lyell Read


NahamConCTF banner

75 points


NahamConTron is up to more shenanigans. Find his server.


I used the namechk tools from the OSINT Framework Site. Specifically, I used OSINT Framework > Username > Username Search Engines > Namechk, similarly to in AUCTF.

namechk tells me that there are claimed usernames for the name NahamConTron for many sites:

Screenshot of namechk for user NahamConTron

Now that we have exhausted Instagram, I opened up all the other sites with claimed usernames for NahamConTron and systematically eliminated them. I ended up at the GitHub account owned by NahamConTron, and it included a dotfiles repo. This in turn contains a bash history file that gives us the command that was run to access the server:

ssh -i config/id_rsa -p 50033

Now we just need the key, which conveniently and innappropriately is in the config repo. Running that command first gives us this error:

Permissions 0664 for 'config/id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "config/id_rsa": bad permissions's password: 

This is fixed with a quick chmod 600 config/id_rsa and then:

ssh -i config/id_rsa -p 50033
nahamcontron@94f05a972db8:~$ cat flag.txt

~ Lyell